Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Gesperrtes System_Trojaner Bundespolizei_Win7 32bit

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.09.2012, 09:59   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.09.2012, 23:19   #17
Elektritze
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Hier das Log zu TDSS:

Code:
ATTFilter
23:06:42.0220 0240  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:06:42.0283 0240  ============================================================
23:06:42.0283 0240  Current date / time: 2012/09/05 23:06:42.0283
23:06:42.0283 0240  SystemInfo:
23:06:42.0283 0240  
23:06:42.0283 0240  OS Version: 6.1.7601 ServicePack: 1.0
23:06:42.0283 0240  Product type: Workstation
23:06:42.0283 0240  ComputerName: ***-PC
23:06:42.0283 0240  UserName: Anwender
23:06:42.0283 0240  Windows directory: C:\Windows
23:06:42.0283 0240  System windows directory: C:\Windows
23:06:42.0283 0240  Processor architecture: Intel x86
23:06:42.0283 0240  Number of processors: 2
23:06:42.0283 0240  Page size: 0x1000
23:06:42.0283 0240  Boot type: Normal boot
23:06:42.0283 0240  ============================================================
23:06:43.0718 0240  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:06:43.0718 0240  ============================================================
23:06:43.0718 0240  \Device\Harddisk0\DR0:
23:06:43.0733 0240  MBR partitions:
23:06:43.0733 0240  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:06:43.0733 0240  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D190800
23:06:43.0733 0240  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D1C3000, BlocksNum 0x1D1C2000
23:06:43.0733 0240  ============================================================
23:06:43.0765 0240  C: <-> \Device\Harddisk0\DR0\Partition2
23:06:43.0796 0240  D: <-> \Device\Harddisk0\DR0\Partition3
23:06:43.0796 0240  ============================================================
23:06:43.0796 0240  Initialize success
23:06:43.0796 0240  ============================================================
23:07:29.0785 2544  ============================================================
23:07:29.0785 2544  Scan started
23:07:29.0785 2544  Mode: Manual; SigCheck; TDLFS; 
23:07:29.0785 2544  ============================================================
23:07:30.0253 2544  ================ Scan system memory ========================
23:07:30.0253 2544  System memory - ok
23:07:30.0253 2544  ================ Scan services =============================
23:07:30.0939 2544  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:07:31.0048 2544  1394ohci - ok
23:07:31.0126 2544  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Professional.9.0 C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
23:07:31.0157 2544  ABBYY.Licensing.FineReader.Professional.9.0 - ok
23:07:31.0189 2544  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
23:07:31.0438 2544  acedrv11 - ok
23:07:31.0454 2544  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:07:31.0469 2544  ACPI - ok
23:07:31.0485 2544  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:07:31.0547 2544  AcpiPmi - ok
23:07:31.0594 2544  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:07:31.0610 2544  AdobeARMservice - ok
23:07:31.0657 2544  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:07:31.0672 2544  AdobeFlashPlayerUpdateSvc - ok
23:07:31.0719 2544  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:07:31.0735 2544  adp94xx - ok
23:07:31.0750 2544  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:07:31.0766 2544  adpahci - ok
23:07:31.0766 2544  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:07:31.0781 2544  adpu320 - ok
23:07:31.0797 2544  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:07:31.0828 2544  AeLookupSvc - ok
23:07:31.0906 2544  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
23:07:31.0953 2544  AFD - ok
23:07:31.0984 2544  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
23:07:32.0000 2544  agp440 - ok
23:07:32.0031 2544  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
23:07:32.0047 2544  aic78xx - ok
23:07:32.0109 2544  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
23:07:32.0140 2544  ALG - ok
23:07:32.0156 2544  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:07:32.0171 2544  aliide - ok
23:07:32.0187 2544  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:07:32.0203 2544  amdagp - ok
23:07:32.0203 2544  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:07:32.0218 2544  amdide - ok
23:07:32.0249 2544  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:07:32.0281 2544  AmdK8 - ok
23:07:32.0296 2544  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:07:32.0327 2544  AmdPPM - ok
23:07:32.0359 2544  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:07:32.0374 2544  amdsata - ok
23:07:32.0374 2544  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:07:32.0405 2544  amdsbs - ok
23:07:32.0421 2544  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:07:32.0421 2544  amdxata - ok
23:07:32.0468 2544  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:07:32.0468 2544  AntiVirSchedulerService - ok
23:07:32.0499 2544  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:07:32.0515 2544  AntiVirService - ok
23:07:32.0515 2544  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
23:07:32.0608 2544  AppID - ok
23:07:32.0639 2544  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:07:32.0686 2544  AppIDSvc - ok
23:07:32.0717 2544  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
23:07:32.0733 2544  Appinfo - ok
23:07:32.0764 2544  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:07:32.0780 2544  arc - ok
23:07:32.0780 2544  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:07:32.0780 2544  arcsas - ok
23:07:32.0811 2544  [ 6C0B68F7CF64A3D4BC2D81F82BFBBB96 ] asahci32        C:\Windows\system32\DRIVERS\asahci32.sys
23:07:32.0827 2544  asahci32 - ok
23:07:32.0842 2544  [ 42DC01802E752E4A29702E4F9F095045 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
23:07:32.0873 2544  asmthub3 - ok
23:07:32.0905 2544  [ ED5A68031DABDF981A418A34B35A9CE6 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
23:07:32.0951 2544  asmtxhci - ok
23:07:32.0967 2544  [ 46658EE12F6924E832697581FDD0E659 ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
23:07:32.0983 2544  AsrAppCharger - ok
23:07:33.0014 2544  AsrCDDrv - ok
23:07:33.0061 2544  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:07:33.0139 2544  AsyncMac - ok
23:07:33.0154 2544  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
23:07:33.0154 2544  atapi - ok
23:07:33.0185 2544  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:07:33.0232 2544  AudioEndpointBuilder - ok
23:07:33.0232 2544  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:07:33.0263 2544  Audiosrv - ok
23:07:33.0279 2544  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:07:33.0295 2544  avgntflt - ok
23:07:33.0310 2544  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:07:33.0310 2544  avipbb - ok
23:07:33.0326 2544  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:07:33.0326 2544  avkmgr - ok
23:07:33.0357 2544  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:07:33.0419 2544  AxInstSV - ok
23:07:33.0451 2544  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
23:07:33.0482 2544  b06bdrv - ok
23:07:33.0497 2544  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:07:33.0513 2544  b57nd60x - ok
23:07:33.0544 2544  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:07:33.0560 2544  BDESVC - ok
23:07:33.0591 2544  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:07:33.0607 2544  Beep - ok
23:07:33.0638 2544  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
23:07:33.0669 2544  BFE - ok
23:07:33.0700 2544  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
23:07:33.0731 2544  BITS - ok
23:07:33.0778 2544  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:07:33.0794 2544  blbdrive - ok
23:07:33.0809 2544  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:07:33.0856 2544  bowser - ok
23:07:33.0856 2544  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:07:33.0919 2544  BrFiltLo - ok
23:07:33.0934 2544  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:07:33.0950 2544  BrFiltUp - ok
23:07:33.0981 2544  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
23:07:34.0012 2544  Browser - ok
23:07:34.0028 2544  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:07:34.0059 2544  Brserid - ok
23:07:34.0075 2544  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:07:34.0090 2544  BrSerWdm - ok
23:07:34.0106 2544  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:07:34.0121 2544  BrUsbMdm - ok
23:07:34.0137 2544  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:07:34.0153 2544  BrUsbSer - ok
23:07:34.0168 2544  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:07:34.0199 2544  BTHMODEM - ok
23:07:34.0231 2544  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
23:07:34.0277 2544  bthserv - ok
23:07:34.0309 2544  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:07:34.0340 2544  cdfs - ok
23:07:34.0355 2544  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:07:34.0371 2544  cdrom - ok
23:07:34.0418 2544  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:07:34.0449 2544  CertPropSvc - ok
23:07:34.0465 2544  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:07:34.0480 2544  circlass - ok
23:07:34.0511 2544  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:07:34.0527 2544  CLFS - ok
23:07:34.0589 2544  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:07:34.0605 2544  clr_optimization_v2.0.50727_32 - ok
23:07:34.0730 2544  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:07:34.0792 2544  clr_optimization_v4.0.30319_32 - ok
23:07:34.0808 2544  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:07:34.0839 2544  CmBatt - ok
23:07:34.0855 2544  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:07:34.0855 2544  cmdide - ok
23:07:34.0901 2544  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:07:34.0917 2544  CNG - ok
23:07:34.0964 2544  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:07:34.0964 2544  Compbatt - ok
23:07:34.0995 2544  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:07:35.0026 2544  CompositeBus - ok
23:07:35.0042 2544  COMSysApp - ok
23:07:35.0104 2544  [ 7730B883EBB41A576E62E42692395ABA ] cphs            C:\Windows\system32\IntelCpHeciSvc.exe
23:07:35.0120 2544  cphs - ok
23:07:35.0135 2544  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:07:35.0135 2544  crcdisk - ok
23:07:35.0182 2544  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:07:35.0213 2544  CryptSvc - ok
23:07:35.0260 2544  [ 5A639B2B630B572FFE9B72448A8A514D ] DBService       C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
23:07:35.0276 2544  DBService - ok
23:07:35.0307 2544  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:07:35.0354 2544  DcomLaunch - ok
23:07:35.0385 2544  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:07:35.0416 2544  defragsvc - ok
23:07:35.0463 2544  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:07:35.0494 2544  DfsC - ok
23:07:35.0525 2544  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:07:35.0572 2544  Dhcp - ok
23:07:35.0603 2544  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:07:35.0650 2544  discache - ok
23:07:35.0666 2544  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:07:35.0666 2544  Disk - ok
23:07:35.0681 2544  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:07:35.0713 2544  Dnscache - ok
23:07:35.0744 2544  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:07:35.0775 2544  dot3svc - ok
23:07:35.0806 2544  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
23:07:35.0853 2544  DPS - ok
23:07:35.0884 2544  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:07:35.0915 2544  drmkaud - ok
23:07:35.0947 2544  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:07:35.0962 2544  DXGKrnl - ok
23:07:35.0978 2544  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
23:07:36.0025 2544  EapHost - ok
23:07:36.0103 2544  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
23:07:36.0196 2544  ebdrv - ok
23:07:36.0212 2544  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
23:07:36.0227 2544  EFS - ok
23:07:36.0259 2544  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:07:36.0305 2544  ehRecvr - ok
23:07:36.0321 2544  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
23:07:36.0352 2544  ehSched - ok
23:07:36.0399 2544  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:07:36.0415 2544  elxstor - ok
23:07:36.0430 2544  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:07:36.0446 2544  ErrDev - ok
23:07:36.0477 2544  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
23:07:36.0508 2544  EventSystem - ok
23:07:36.0539 2544  [ E66710639A292F6341D63B01EE8E8037 ] ewsercd         C:\Windows\system32\DRIVERS\ewsercd.sys
23:07:36.0555 2544  ewsercd - ok
23:07:36.0586 2544  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
23:07:36.0617 2544  exfat - ok
23:07:36.0649 2544  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:07:36.0680 2544  fastfat - ok
23:07:36.0711 2544  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
23:07:36.0742 2544  Fax - ok
23:07:36.0758 2544  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:07:36.0773 2544  fdc - ok
23:07:36.0789 2544  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
23:07:36.0836 2544  fdPHost - ok
23:07:36.0836 2544  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:07:36.0867 2544  FDResPub - ok
23:07:36.0883 2544  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:07:36.0883 2544  FileInfo - ok
23:07:36.0883 2544  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:07:36.0914 2544  Filetrace - ok
23:07:36.0945 2544  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:07:36.0945 2544  flpydisk - ok
23:07:36.0976 2544  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:07:36.0976 2544  FltMgr - ok
23:07:37.0007 2544  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
23:07:37.0039 2544  FontCache - ok
23:07:37.0085 2544  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:07:37.0101 2544  FontCache3.0.0.0 - ok
23:07:37.0117 2544  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:07:37.0132 2544  FsDepends - ok
23:07:37.0148 2544  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:07:37.0148 2544  Fs_Rec - ok
23:07:37.0179 2544  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:07:37.0195 2544  fvevol - ok
23:07:37.0210 2544  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:07:37.0226 2544  gagp30kx - ok
23:07:37.0241 2544  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:07:37.0273 2544  gpsvc - ok
23:07:37.0304 2544  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:07:37.0335 2544  hcw85cir - ok
23:07:37.0366 2544  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:07:37.0382 2544  HdAudAddService - ok
23:07:37.0413 2544  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:07:37.0429 2544  HDAudBus - ok
23:07:37.0460 2544  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:07:37.0475 2544  HidBatt - ok
23:07:37.0491 2544  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:07:37.0507 2544  HidBth - ok
23:07:37.0522 2544  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:07:37.0569 2544  HidIr - ok
23:07:37.0585 2544  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
23:07:37.0616 2544  hidserv - ok
23:07:37.0663 2544  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:07:37.0678 2544  HidUsb - ok
23:07:37.0694 2544  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:07:37.0741 2544  hkmsvc - ok
23:07:37.0772 2544  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:07:37.0803 2544  HomeGroupListener - ok
23:07:37.0834 2544  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:07:37.0865 2544  HomeGroupProvider - ok
23:07:37.0897 2544  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:07:37.0897 2544  HpSAMD - ok
23:07:37.0943 2544  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:07:37.0975 2544  HTTP - ok
23:07:38.0006 2544  [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:07:38.0021 2544  hwdatacard - ok
23:07:38.0037 2544  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:07:38.0053 2544  hwpolicy - ok
23:07:38.0068 2544  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:07:38.0084 2544  i8042prt - ok
23:07:38.0115 2544  [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:07:38.0131 2544  iaStor - ok
23:07:38.0193 2544  [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:07:38.0193 2544  IAStorDataMgrSvc - ok
23:07:38.0224 2544  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:07:38.0240 2544  iaStorV - ok
23:07:38.0287 2544  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:07:38.0318 2544  idsvc - ok
23:07:38.0521 2544  [ 1A8CBB05037285B76389FB9441AB42F6 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:07:38.0817 2544  igfx - ok
23:07:38.0848 2544  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:07:38.0864 2544  iirsp - ok
23:07:38.0911 2544  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:07:38.0957 2544  IKEEXT - ok
23:07:39.0051 2544  [ F2C17D2C3D70C389193D9954E375E5E3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:07:39.0098 2544  IntcAzAudAddService - ok
23:07:39.0145 2544  [ 7081EFE4EBF9CBBFF4EB5A3AC478DDC5 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:07:39.0160 2544  IntcDAud - ok
23:07:39.0191 2544  [ CD0943496A57B1DCDBDDA588FA432A2F ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:07:39.0223 2544  Intel(R) Capability Licensing Service Interface - ok
23:07:39.0238 2544  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:07:39.0238 2544  intelide - ok
23:07:39.0269 2544  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:07:39.0285 2544  intelppm - ok
23:07:39.0301 2544  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:07:39.0332 2544  IPBusEnum - ok
23:07:39.0347 2544  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:07:39.0363 2544  IpFilterDriver - ok
23:07:39.0394 2544  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:07:39.0441 2544  iphlpsvc - ok
23:07:39.0457 2544  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:07:39.0472 2544  IPMIDRV - ok
23:07:39.0488 2544  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:07:39.0519 2544  IPNAT - ok
23:07:39.0550 2544  [ 9F7E491FB0BA0F9E370163834FC1FE31 ] irda            C:\Windows\system32\DRIVERS\irda.sys
23:07:39.0581 2544  irda - ok
23:07:39.0597 2544  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:07:39.0628 2544  IRENUM - ok
23:07:39.0644 2544  [ 4220D2F03D5C4226D0A1AA4B84025E45 ] Irmon           C:\Windows\System32\irmon.dll
23:07:39.0659 2544  Irmon - ok
23:07:39.0691 2544  [ D04DA73127FFED720DFC4EB673A23E04 ] irsir           C:\Windows\system32\DRIVERS\irsir.sys
23:07:39.0706 2544  irsir - ok
23:07:39.0722 2544  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:07:39.0737 2544  isapnp - ok
23:07:39.0737 2544  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:07:39.0753 2544  iScsiPrt - ok
23:07:39.0784 2544  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:07:39.0784 2544  kbdclass - ok
23:07:39.0800 2544  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:07:39.0831 2544  kbdhid - ok
23:07:39.0862 2544  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
23:07:39.0878 2544  KeyIso - ok
23:07:39.0893 2544  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:07:39.0909 2544  KSecDD - ok
23:07:39.0909 2544  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:07:39.0925 2544  KSecPkg - ok
23:07:39.0956 2544  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:07:39.0987 2544  KtmRm - ok
23:07:40.0018 2544  [ AF87B68B1C23FE8C69808C4FFBD13ED7 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
23:07:40.0018 2544  L1C - ok
23:07:40.0049 2544  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:07:40.0081 2544  LanmanServer - ok
23:07:40.0127 2544  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:07:40.0174 2544  LanmanWorkstation - ok
23:07:40.0205 2544  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:07:40.0221 2544  lltdio - ok
23:07:40.0252 2544  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:07:40.0268 2544  lltdsvc - ok
23:07:40.0283 2544  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:07:40.0315 2544  lmhosts - ok
23:07:40.0330 2544  [ 1536D1C328E1B32E962DDBCEA70C74A6 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:07:40.0346 2544  LMS - ok
23:07:40.0377 2544  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:07:40.0377 2544  LSI_FC - ok
23:07:40.0377 2544  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:07:40.0393 2544  LSI_SAS - ok
23:07:40.0408 2544  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:07:40.0408 2544  LSI_SAS2 - ok
23:07:40.0424 2544  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:07:40.0424 2544  LSI_SCSI - ok
23:07:40.0439 2544  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
23:07:40.0471 2544  luafv - ok
23:07:40.0486 2544  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:07:40.0502 2544  MBAMProtector - ok
23:07:40.0533 2544  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:07:40.0549 2544  MBAMService - ok
23:07:40.0595 2544  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
23:07:40.0611 2544  McComponentHostService - ok
23:07:40.0642 2544  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:07:40.0673 2544  Mcx2Svc - ok
23:07:40.0689 2544  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:07:40.0705 2544  megasas - ok
23:07:40.0720 2544  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:07:40.0736 2544  MegaSR - ok
23:07:40.0767 2544  [ 240D715CFE4FB8F4CDA76F6863E62334 ] MEI             C:\Windows\system32\DRIVERS\HECI.sys
23:07:40.0814 2544  MEI - ok
23:07:40.0861 2544  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:07:40.0876 2544  Microsoft Office Groove Audit Service - ok
23:07:40.0892 2544  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
23:07:40.0923 2544  MMCSS - ok
23:07:40.0939 2544  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
23:07:40.0970 2544  Modem - ok
23:07:41.0001 2544  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:07:41.0017 2544  monitor - ok
23:07:41.0032 2544  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:07:41.0032 2544  mouclass - ok
23:07:41.0048 2544  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:07:41.0079 2544  mouhid - ok
23:07:41.0095 2544  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:07:41.0110 2544  mountmgr - ok
23:07:41.0141 2544  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:07:41.0157 2544  MozillaMaintenance - ok
23:07:41.0173 2544  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:07:41.0188 2544  mpio - ok
23:07:41.0204 2544  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:07:41.0235 2544  mpsdrv - ok
23:07:41.0266 2544  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:07:41.0297 2544  MpsSvc - ok
23:07:41.0313 2544  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:07:41.0329 2544  MRxDAV - ok
23:07:41.0344 2544  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:07:41.0375 2544  mrxsmb - ok
23:07:41.0407 2544  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:07:41.0422 2544  mrxsmb10 - ok
23:07:41.0438 2544  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:07:41.0453 2544  mrxsmb20 - ok
23:07:41.0469 2544  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:07:41.0469 2544  msahci - ok
23:07:41.0500 2544  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:07:41.0500 2544  msdsm - ok
23:07:41.0531 2544  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
23:07:41.0547 2544  MSDTC - ok
23:07:41.0578 2544  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:07:41.0609 2544  Msfs - ok
23:07:41.0641 2544  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:07:41.0672 2544  mshidkmdf - ok
23:07:41.0687 2544  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:07:41.0703 2544  msisadrv - ok
23:07:41.0734 2544  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:07:41.0765 2544  MSiSCSI - ok
23:07:41.0765 2544  msiserver - ok
23:07:41.0781 2544  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:07:41.0812 2544  MSKSSRV - ok
23:07:41.0828 2544  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:07:41.0859 2544  MSPCLOCK - ok
23:07:41.0859 2544  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:07:41.0890 2544  MSPQM - ok
23:07:41.0906 2544  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:07:41.0906 2544  MsRPC - ok
23:07:41.0921 2544  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:07:41.0921 2544  mssmbios - ok
23:07:41.0937 2544  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:07:41.0953 2544  MSTEE - ok
23:07:41.0968 2544  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:07:41.0968 2544  MTConfig - ok
23:07:41.0968 2544  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:07:41.0984 2544  Mup - ok
23:07:41.0999 2544  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
23:07:42.0046 2544  napagent - ok
23:07:42.0077 2544  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:07:42.0093 2544  NativeWifiP - ok
23:07:42.0124 2544  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:07:42.0140 2544  NDIS - ok
23:07:42.0155 2544  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:07:42.0171 2544  NdisCap - ok
23:07:42.0187 2544  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:07:42.0233 2544  NdisTapi - ok
23:07:42.0265 2544  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:07:42.0280 2544  Ndisuio - ok
23:07:42.0296 2544  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:07:42.0327 2544  NdisWan - ok
23:07:42.0343 2544  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:07:42.0358 2544  NDProxy - ok
23:07:42.0421 2544  [ 6D4028D458EAAA1782099750790DC8C9 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
23:07:42.0452 2544  Nero BackItUp Scheduler 3 - ok
23:07:42.0467 2544  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:07:42.0499 2544  NetBIOS - ok
23:07:42.0530 2544  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:07:42.0561 2544  NetBT - ok
23:07:42.0577 2544  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
23:07:42.0592 2544  Netlogon - ok
23:07:42.0608 2544  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:07:42.0670 2544  Netman - ok
23:07:42.0670 2544  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:07:42.0717 2544  netprofm - ok
23:07:42.0733 2544  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:07:42.0733 2544  NetTcpPortSharing - ok
23:07:42.0764 2544  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:07:42.0764 2544  nfrd960 - ok
23:07:42.0795 2544  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:07:42.0811 2544  NlaSvc - ok
23:07:42.0857 2544  [ D36107465E716CF2335A25C54B6D11C2 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
23:07:42.0873 2544  NMIndexingService - ok
23:07:42.0889 2544  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:07:42.0920 2544  Npfs - ok
23:07:42.0935 2544  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
23:07:42.0967 2544  nsi - ok
23:07:42.0967 2544  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:07:42.0998 2544  nsiproxy - ok
23:07:43.0045 2544  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:07:43.0091 2544  Ntfs - ok
23:07:43.0107 2544  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:07:43.0138 2544  Null - ok
23:07:43.0154 2544  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:07:43.0154 2544  nvraid - ok
23:07:43.0185 2544  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:07:43.0185 2544  nvstor - ok
23:07:43.0216 2544  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:07:43.0216 2544  nv_agp - ok
23:07:43.0294 2544  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:07:43.0325 2544  odserv - ok
23:07:43.0341 2544  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:07:43.0357 2544  ohci1394 - ok
23:07:43.0403 2544  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:07:43.0419 2544  ose - ok
23:07:43.0435 2544  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:07:43.0481 2544  p2pimsvc - ok
23:07:43.0513 2544  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:07:43.0544 2544  p2psvc - ok
23:07:43.0559 2544  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:07:43.0591 2544  Parport - ok
23:07:43.0606 2544  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:07:43.0622 2544  partmgr - ok
23:07:43.0622 2544  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:07:43.0653 2544  Parvdm - ok
23:07:43.0669 2544  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:07:43.0700 2544  PcaSvc - ok
23:07:43.0700 2544  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
23:07:43.0715 2544  pci - ok
23:07:43.0747 2544  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
23:07:43.0762 2544  pciide - ok
23:07:43.0778 2544  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:07:43.0793 2544  pcmcia - ok
23:07:43.0809 2544  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
23:07:43.0825 2544  pcw - ok
23:07:43.0856 2544  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:07:43.0871 2544  PEAUTH - ok
23:07:43.0918 2544  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
23:07:43.0981 2544  pla - ok
23:07:44.0027 2544  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:07:44.0059 2544  PlugPlay - ok
23:07:44.0074 2544  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:07:44.0105 2544  PNRPAutoReg - ok
23:07:44.0137 2544  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:07:44.0168 2544  PNRPsvc - ok
23:07:44.0183 2544  [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
23:07:44.0183 2544  Point32 - ok
23:07:44.0215 2544  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:07:44.0261 2544  PolicyAgent - ok
23:07:44.0277 2544  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
23:07:44.0308 2544  Power - ok
23:07:44.0339 2544  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:07:44.0371 2544  PptpMiniport - ok
23:07:44.0371 2544  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:07:44.0386 2544  Processor - ok
23:07:44.0417 2544  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
23:07:44.0433 2544  ProfSvc - ok
23:07:44.0449 2544  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:07:44.0464 2544  ProtectedStorage - ok
23:07:44.0480 2544  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:07:44.0495 2544  Psched - ok
23:07:44.0542 2544  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:07:44.0589 2544  ql2300 - ok
23:07:44.0620 2544  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:07:44.0636 2544  ql40xx - ok
23:07:44.0651 2544  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
23:07:44.0667 2544  QWAVE - ok
23:07:44.0683 2544  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:07:44.0698 2544  QWAVEdrv - ok
23:07:44.0714 2544  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:07:44.0745 2544  RasAcd - ok
23:07:44.0761 2544  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:07:44.0792 2544  RasAgileVpn - ok
23:07:44.0792 2544  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
23:07:44.0823 2544  RasAuto - ok
23:07:44.0839 2544  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:07:44.0854 2544  Rasl2tp - ok
23:07:44.0885 2544  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
23:07:44.0901 2544  RasMan - ok
23:07:44.0901 2544  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:07:44.0932 2544  RasPppoe - ok
23:07:44.0948 2544  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:07:44.0963 2544  RasSstp - ok
23:07:44.0995 2544  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:07:45.0010 2544  rdbss - ok
23:07:45.0010 2544  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:07:45.0041 2544  rdpbus - ok
23:07:45.0041 2544  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:07:45.0073 2544  RDPCDD - ok
23:07:45.0104 2544  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:07:45.0135 2544  RDPENCDD - ok
23:07:45.0151 2544  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:07:45.0182 2544  RDPREFMP - ok
23:07:45.0213 2544  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:07:45.0244 2544  RDPWD - ok
23:07:45.0275 2544  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:07:45.0291 2544  rdyboost - ok
23:07:45.0322 2544  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:07:45.0338 2544  RemoteAccess - ok
23:07:45.0353 2544  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:07:45.0385 2544  RemoteRegistry - ok
23:07:45.0400 2544  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:07:45.0431 2544  RpcEptMapper - ok
23:07:45.0447 2544  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:07:45.0463 2544  RpcLocator - ok
23:07:45.0463 2544  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
23:07:45.0494 2544  RpcSs - ok
23:07:45.0509 2544  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:07:45.0525 2544  rspndr - ok
23:07:45.0556 2544  [ 83E64D86A4D888D973DE824780567518 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
23:07:45.0572 2544  RTL8192su - ok
23:07:45.0587 2544  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
23:07:45.0587 2544  SamSs - ok
23:07:45.0619 2544  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:07:45.0619 2544  sbp2port - ok
23:07:45.0650 2544  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:07:45.0665 2544  SCardSvr - ok
23:07:45.0681 2544  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:07:45.0712 2544  scfilter - ok
23:07:45.0743 2544  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
23:07:45.0775 2544  Schedule - ok
23:07:45.0790 2544  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:07:45.0821 2544  SCPolicySvc - ok
23:07:45.0837 2544  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:07:45.0853 2544  SDRSVC - ok
23:07:45.0884 2544  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:07:45.0899 2544  secdrv - ok
23:07:45.0915 2544  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:07:45.0946 2544  seclogon - ok
23:07:45.0962 2544  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
23:07:45.0993 2544  SENS - ok
23:07:46.0009 2544  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:07:46.0040 2544  SensrSvc - ok
23:07:46.0055 2544  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:07:46.0087 2544  Serenum - ok
23:07:46.0102 2544  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:07:46.0118 2544  Serial - ok
23:07:46.0133 2544  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:07:46.0165 2544  sermouse - ok
23:07:46.0196 2544  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:07:46.0243 2544  SessionEnv - ok
23:07:46.0258 2544  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:07:46.0289 2544  sffdisk - ok
23:07:46.0289 2544  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:07:46.0305 2544  sffp_mmc - ok
23:07:46.0321 2544  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:07:46.0336 2544  sffp_sd - ok
23:07:46.0352 2544  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:07:46.0383 2544  sfloppy - ok
23:07:46.0399 2544  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:07:46.0430 2544  SharedAccess - ok
23:07:46.0445 2544  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:07:46.0477 2544  ShellHWDetection - ok
23:07:46.0492 2544  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:07:46.0508 2544  sisagp - ok
23:07:46.0523 2544  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:07:46.0523 2544  SiSRaid2 - ok
23:07:46.0555 2544  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:07:46.0570 2544  SiSRaid4 - ok
23:07:46.0586 2544  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:07:46.0617 2544  Smb - ok
23:07:46.0648 2544  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:07:46.0664 2544  SNMPTRAP - ok
23:07:46.0679 2544  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:07:46.0679 2544  spldr - ok
23:07:46.0695 2544  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
23:07:46.0726 2544  Spooler - ok
23:07:46.0789 2544  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:07:46.0867 2544  sppsvc - ok
23:07:46.0882 2544  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:07:46.0929 2544  sppuinotify - ok
23:07:46.0960 2544  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:07:46.0991 2544  srv - ok
23:07:47.0007 2544  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:07:47.0023 2544  srv2 - ok
23:07:47.0023 2544  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:07:47.0038 2544  srvnet - ok
23:07:47.0054 2544  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:07:47.0085 2544  SSDPSRV - ok
23:07:47.0101 2544  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:07:47.0101 2544  ssmdrv - ok
23:07:47.0116 2544  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:07:47.0147 2544  SstpSvc - ok
23:07:47.0147 2544  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:07:47.0163 2544  stexstor - ok
23:07:47.0194 2544  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:07:47.0225 2544  StiSvc - ok
23:07:47.0241 2544  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:07:47.0241 2544  swenum - ok
23:07:47.0272 2544  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
23:07:47.0303 2544  swprv - ok
23:07:47.0335 2544  [ CD77FD9B0071D2F36B14CC23DDE1AAD0 ] SXDS10          C:\Program Files\Common Files\soft Xpansion\sxds10.exe
23:07:47.0335 2544  SXDS10 ( UnsignedFile.Multi.Generic ) - warning
23:07:47.0335 2544  SXDS10 - detected UnsignedFile.Multi.Generic (1)
23:07:47.0366 2544  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
23:07:47.0413 2544  SysMain - ok
23:07:47.0413 2544  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:07:47.0444 2544  TabletInputService - ok
23:07:47.0459 2544  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:07:47.0491 2544  TapiSrv - ok
23:07:47.0506 2544  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
23:07:47.0522 2544  TBS - ok
23:07:47.0553 2544  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:07:47.0600 2544  Tcpip - ok
23:07:47.0631 2544  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:07:47.0647 2544  TCPIP6 - ok
23:07:47.0678 2544  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:07:47.0725 2544  tcpipreg - ok
23:07:47.0740 2544  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:07:47.0771 2544  TDPIPE - ok
23:07:47.0787 2544  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:07:47.0818 2544  TDTCP - ok
23:07:47.0834 2544  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:07:47.0865 2544  tdx - ok
23:07:47.0896 2544  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:07:47.0896 2544  TermDD - ok
23:07:47.0927 2544  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
23:07:47.0959 2544  TermService - ok
23:07:47.0974 2544  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:07:48.0005 2544  Themes - ok
23:07:48.0005 2544  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:07:48.0021 2544  THREADORDER - ok
23:07:48.0052 2544  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:07:48.0083 2544  TrkWks - ok
23:07:48.0115 2544  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:07:48.0161 2544  TrustedInstaller - ok
23:07:48.0193 2544  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:07:48.0208 2544  tssecsrv - ok
23:07:48.0224 2544  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:07:48.0255 2544  TsUsbFlt - ok
23:07:48.0271 2544  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:07:48.0302 2544  tunnel - ok
23:07:48.0317 2544  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:07:48.0317 2544  uagp35 - ok
23:07:48.0349 2544  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:07:48.0380 2544  udfs - ok
23:07:48.0395 2544  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:07:48.0411 2544  UI0Detect - ok
23:07:48.0442 2544  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:07:48.0458 2544  uliagpkx - ok
23:07:48.0473 2544  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:07:48.0473 2544  umbus - ok
23:07:48.0489 2544  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:07:48.0505 2544  UmPass - ok
23:07:48.0551 2544  [ 3D9D81B434031EB92744AFB329D6E4F1 ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:07:48.0567 2544  UNS - ok
23:07:48.0583 2544  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:07:48.0645 2544  upnphost - ok
23:07:48.0661 2544  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:07:48.0692 2544  usbccgp - ok
23:07:48.0723 2544  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:07:48.0739 2544  usbcir - ok
23:07:48.0754 2544  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:07:48.0770 2544  usbehci - ok
23:07:48.0801 2544  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:07:48.0817 2544  usbhub - ok
23:07:48.0832 2544  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:07:48.0832 2544  usbohci - ok
23:07:48.0848 2544  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:07:48.0879 2544  usbprint - ok
23:07:48.0895 2544  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:07:48.0910 2544  usbscan - ok
23:07:48.0926 2544  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:07:48.0941 2544  USBSTOR - ok
23:07:48.0957 2544  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:07:48.0957 2544  usbuhci - ok
23:07:48.0973 2544  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
23:07:49.0004 2544  UxSms - ok
23:07:49.0004 2544  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:07:49.0019 2544  VaultSvc - ok
23:07:49.0035 2544  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:07:49.0051 2544  vdrvroot - ok
23:07:49.0066 2544  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
23:07:49.0113 2544  vds - ok
23:07:49.0113 2544  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:07:49.0144 2544  vga - ok
23:07:49.0160 2544  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:07:49.0191 2544  VgaSave - ok
23:07:49.0222 2544  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:07:49.0238 2544  vhdmp - ok
23:07:49.0253 2544  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:07:49.0269 2544  viaagp - ok
23:07:49.0269 2544  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
23:07:49.0300 2544  ViaC7 - ok
23:07:49.0316 2544  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:07:49.0316 2544  viaide - ok
23:07:49.0331 2544  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:07:49.0331 2544  volmgr - ok
23:07:49.0347 2544  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:07:49.0363 2544  volmgrx - ok
23:07:49.0378 2544  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:07:49.0378 2544  volsnap - ok
23:07:49.0409 2544  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:07:49.0425 2544  vsmraid - ok
23:07:49.0456 2544  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
23:07:49.0487 2544  VSS - ok
23:07:49.0487 2544  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:07:49.0519 2544  vwifibus - ok
23:07:49.0519 2544  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:07:49.0534 2544  vwififlt - ok
23:07:49.0565 2544  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
23:07:49.0597 2544  W32Time - ok
23:07:49.0628 2544  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:07:49.0659 2544  WacomPen - ok
23:07:49.0690 2544  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:07:49.0737 2544  WANARP - ok
23:07:49.0737 2544  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:07:49.0753 2544  Wanarpv6 - ok
23:07:49.0784 2544  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:07:49.0831 2544  wbengine - ok
23:07:49.0862 2544  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:07:49.0877 2544  WbioSrvc - ok
23:07:49.0909 2544  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:07:49.0924 2544  wcncsvc - ok
23:07:49.0940 2544  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:07:49.0955 2544  WcsPlugInService - ok
23:07:49.0971 2544  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:07:49.0987 2544  Wd - ok
23:07:50.0002 2544  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:07:50.0018 2544  Wdf01000 - ok
23:07:50.0033 2544  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:07:50.0049 2544  WdiServiceHost - ok
23:07:50.0065 2544  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:07:50.0065 2544  WdiSystemHost - ok
23:07:50.0096 2544  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
23:07:50.0127 2544  WebClient - ok
23:07:50.0143 2544  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:07:50.0174 2544  Wecsvc - ok
23:07:50.0205 2544  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:07:50.0221 2544  wercplsupport - ok
23:07:50.0252 2544  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:07:50.0283 2544  WerSvc - ok
23:07:50.0314 2544  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:07:50.0345 2544  WfpLwf - ok
23:07:50.0345 2544  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:07:50.0361 2544  WIMMount - ok
23:07:50.0392 2544  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:07:50.0423 2544  WinDefend - ok
23:07:50.0423 2544  WinHttpAutoProxySvc - ok
23:07:50.0455 2544  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:07:50.0486 2544  Winmgmt - ok
23:07:50.0517 2544  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
23:07:50.0595 2544  WinRM - ok
23:07:50.0642 2544  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:07:50.0673 2544  Wlansvc - ok
23:07:50.0689 2544  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:07:50.0704 2544  WmiAcpi - ok
23:07:50.0720 2544  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:07:50.0751 2544  wmiApSrv - ok
23:07:50.0798 2544  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:07:50.0829 2544  WMPNetworkSvc - ok
23:07:50.0845 2544  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:07:50.0891 2544  WPCSvc - ok
23:07:50.0891 2544  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:07:50.0907 2544  WPDBusEnum - ok
23:07:50.0923 2544  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:07:50.0969 2544  ws2ifsl - ok
23:07:51.0001 2544  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:07:51.0032 2544  wscsvc - ok
23:07:51.0032 2544  WSearch - ok
23:07:51.0063 2544  [ 534C2D3D81B066FA24A075C224045654 ] WTGService      C:\Program Files\Verbindungsassistent\WTGService.exe
23:07:51.0079 2544  WTGService - ok
23:07:51.0141 2544  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:07:51.0235 2544  wuauserv - ok
23:07:51.0250 2544  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:07:51.0297 2544  WudfPf - ok
23:07:51.0313 2544  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:07:51.0328 2544  WUDFRd - ok
23:07:51.0359 2544  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:07:51.0375 2544  wudfsvc - ok
23:07:51.0391 2544  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:07:51.0422 2544  WwanSvc - ok
23:07:51.0453 2544  [ AD9DEE1257C7659083268F298890CE16 ] X6XSEx          C:\Program Files\Free Ride Games\X6XSEx.Sys
23:07:51.0469 2544  X6XSEx - ok
23:07:51.0469 2544  ================ Scan global ===============================
23:07:51.0500 2544  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:07:51.0531 2544  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:07:51.0531 2544  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:07:51.0562 2544  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:07:51.0578 2544  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:07:51.0593 2544  [Global] - ok
23:07:51.0593 2544  ================ Scan MBR ==================================
23:07:51.0593 2544  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:07:51.0859 2544  \Device\Harddisk0\DR0 - ok
23:07:51.0859 2544  ================ Scan VBR ==================================
23:07:51.0859 2544  [ 96C33EFEFCFAFC19C1F96A2450C30AB0 ] \Device\Harddisk0\DR0\Partition1
23:07:51.0859 2544  \Device\Harddisk0\DR0\Partition1 - ok
23:07:51.0890 2544  [ AF5AB8BFCEB76DFE588778FB09E5B3FE ] \Device\Harddisk0\DR0\Partition2
23:07:51.0890 2544  \Device\Harddisk0\DR0\Partition2 - ok
23:07:51.0921 2544  [ 65B67FC9219CEA115AEC11438613FDA3 ] \Device\Harddisk0\DR0\Partition3
23:07:51.0921 2544  \Device\Harddisk0\DR0\Partition3 - ok
23:07:51.0921 2544  ============================================================
23:07:51.0921 2544  Scan finished
23:07:51.0921 2544  ============================================================
23:07:51.0937 0248  Detected object count: 1
23:07:51.0937 0248  Actual detected object count: 1
23:11:09.0792 0248  SXDS10 ( UnsignedFile.Multi.Generic ) - skipped by user
23:11:09.0792 0248  SXDS10 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________


Alt 06.09.2012, 15:33   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
__________________

Alt 06.09.2012, 18:03   #19
Elektritze
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Hier das Combofix Log:

Code:
ATTFilter
ComboFix 12-09-06.01 - Anwender 06.09.2012  17:48:30.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3050.2045 [GMT 2:00]
ausgeführt von:: c:\users\Anwender\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 15:52 . 2012-09-06 15:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-03 13:25 . 2012-09-03 13:25	--------	d-----w-	c:\program files\ESET
2012-08-31 15:01 . 2012-08-31 15:01	--------	d-----w-	c:\users\Anwender\AppData\Roaming\Malwarebytes
2012-08-31 15:01 . 2012-08-31 15:01	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-08-31 15:01 . 2012-08-31 15:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-31 15:01 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-31 06:35 . 2012-08-31 14:52	--------	d-----w-	c:\programdata\AVAST Software
2012-08-31 06:35 . 2012-08-31 06:35	--------	d-----w-	c:\program files\AVAST Software
2012-08-31 06:30 . 2010-11-20 02:17	302592	----a-w-	c:\windows\system32\utilman.exe
2012-08-30 19:40 . 2012-08-30 19:40	--------	d-----w-	c:\program files\Belkin
2012-08-30 19:40 . 2012-08-30 19:40	--------	d-----w-	c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
2012-08-29 20:27 . 2012-08-31 16:18	--------	d-----w-	c:\users\Anwender\AppData\Roaming\Uurlrr
2012-08-29 08:46 . 2012-08-30 06:56	--------	d-----w-	c:\users\Anwender\Zrrlshn
2012-08-15 15:01 . 2012-07-18 17:47	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 15:01 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 15:01 . 2012-02-11 05:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 15:01 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 15:00 . 2012-07-04 21:14	41984	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 15:00 . 2012-07-04 21:14	102912	----a-w-	c:\windows\system32\browser.dll
2012-08-15 15:00 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:38 . 2012-07-07 15:26	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 10:38 . 2012-07-07 15:26	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-07 15:13 . 2012-07-07 15:13	257376	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\sxppdf6_p.dll
2012-07-07 07:24 . 2012-07-07 07:24	100224	----a-w-	c:\windows\system32\drivers\ewsercd.sys
2012-07-04 14:29 . 2012-07-04 14:29	65536	----a-r-	c:\users\Anwender\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-07-04 09:30 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-07-04 08:24 . 2012-07-04 08:24	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-07-04 08:24 . 2012-07-04 08:24	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-07-04 08:24 . 2012-07-04 08:24	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-07-04 08:24 . 2012-07-04 08:24	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-07-04 08:24 . 2012-07-04 08:24	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-07-04 08:24 . 2012-07-04 08:24	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-07-04 08:24 . 2012-07-04 08:24	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-07-04 08:24 . 2012-07-04 08:24	367104	----a-w-	c:\windows\system32\html.iec
2012-07-04 08:24 . 2012-07-04 08:24	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-07-04 08:24 . 2012-07-04 08:24	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-04 08:24 . 2012-07-04 08:24	161792	----a-w-	c:\windows\system32\msls31.dll
2012-07-04 08:24 . 2012-07-04 08:24	152064	----a-w-	c:\windows\system32\wextract.exe
2012-07-04 08:24 . 2012-07-04 08:24	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-07-04 08:24 . 2012-07-04 08:24	11776	----a-w-	c:\windows\system32\mshta.exe
2012-07-04 08:24 . 2012-07-04 08:24	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-07-04 08:24 . 2012-07-04 08:24	101888	----a-w-	c:\windows\system32\admparse.dll
2012-06-19 14:54 . 2012-07-23 20:28	3240400	----a-w-	c:\windows\system32\drivers\RTKVHDA.sys
2012-06-18 01:14 . 2012-07-04 08:22	6762896	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{60FF4548-1A1F-4F18-A56F-FBC726E7A54B}\mpengine.dll
2012-08-02 11:09 . 2012-07-07 07:47	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BDA33FF0-AD30-4335-9082-D5967EADB37D}"= "c:\program files\DATA BECKER\PDF Genie 5.0\iexp32.dll" [2012-07-07 510608]
.
[HKEY_CLASSES_ROOT\clsid\{bda33ff0-ad30-4335-9082-d5967eadb37d}]
[HKEY_CLASSES_ROOT\PDF6IE.IEBarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EB97E8E-33AC-4872-B9EC-B9F0B91DE35B}]
[HKEY_CLASSES_ROOT\PDF6IE.IEBarBand]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 144704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 180544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 188224]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logons]
2009-07-14 01:14	147456	----a-w-	c:\users\Anwender\AppData\Roaming\logons.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\system32\IntelCpHeciSvc.exe [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 asahci32;asahci32;c:\windows\system32\DRIVERS\asahci32.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [x]
S2 X6XSEx;X6XSEx;c:\program files\Free Ride Games\X6XSEx.Sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 10:38]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 11:05]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 11:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed
mStart Page = hxxp://www.google.com
mWindow Title = Arcor AG & Co. KG
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb135?a=6PQIEfbfVV
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb134/?loc=ff_address_bar&a=6OyHcmxOed&search=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Arcor Online - (no file)
HKLM-Run-TaskTray - (no file)
HKLM-Run-Arcor Online - (no file)
MSConfigStartUp-4E5B272F - c:\users\Anwender\AppData\Roaming\Uurlrr\eueplelblu.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-06  17:54:19
ComboFix-quarantined-files.txt  2012-09-06 15:54
.
Vor Suchlauf: 8 Verzeichnis(se), 212.368.490.496 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 213.100.015.616 Bytes frei
.
- - End Of File - - 47EA3A3A385DA7F4F4C00D9EA4549EF1
         
Kurze Zwischenfrage:
Kann ich zwischenzeitlich schon mal die verschlüsselten Dateien wiederherstellen (mittels Schattenkopien) oder ist das nicht so günstig...?

Alt 06.09.2012, 21:17   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Mach dich an die Entschlüsselung ran wenn wir durch sind! Und bevor du irgendwas versuchst zu reparieren Backup der verschlüsselten Dateien machen bevor du noch mehr kaputtmachst!

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Folder::
c:\users\Anwender\AppData\Roaming\Uurlrr
c:\users\Anwender\Zrrlshn

Firefox::
FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - http://mystart.incredimail.com/mb135?a=6PQIEfbfVV
FF - prefs.js: keyword.URL - http://mystart.incredimail.com/mb134/?loc=ff_address_bar&a=6OyHcmxOed&search=
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.09.2012, 23:28   #21
Elektritze
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Zitat:
Und bevor du irgendwas versuchst zu reparieren Backup der verschlüsselten Dateien machen bevor du noch mehr kaputtmachst!
Das ist aber jetzt ungerecht!!! Das ist doch gar nicht mein Rechner! Ich mache mir hier seit Tagen die Mühe, um einem Bekannten zu helfen...

Aber das konntest Du ja nicht wissen! ;-)

Hier also das Log:

Code:
ATTFilter
ComboFix 12-09-06.02 - Anwender 06.09.2012  22:58:00.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3050.2084 [GMT 2:00]
ausgeführt von:: c:\users\Anwender\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Anwender\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anwender\AppData\Roaming\Uurlrr
c:\users\Anwender\Zrrlshn
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 21:01 . 2012-09-06 21:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-03 13:25 . 2012-09-03 13:25	--------	d-----w-	c:\program files\ESET
2012-08-31 15:01 . 2012-08-31 15:01	--------	d-----w-	c:\users\Anwender\AppData\Roaming\Malwarebytes
2012-08-31 15:01 . 2012-08-31 15:01	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-08-31 15:01 . 2012-08-31 15:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-31 15:01 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-31 06:35 . 2012-08-31 14:52	--------	d-----w-	c:\programdata\AVAST Software
2012-08-31 06:35 . 2012-08-31 06:35	--------	d-----w-	c:\program files\AVAST Software
2012-08-31 06:30 . 2010-11-20 02:17	302592	----a-w-	c:\windows\system32\utilman.exe
2012-08-30 19:40 . 2012-08-30 19:40	--------	d-----w-	c:\program files\Belkin
2012-08-30 19:40 . 2012-08-30 19:40	--------	d-----w-	c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
2012-08-15 15:01 . 2012-07-18 17:47	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 15:01 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 15:01 . 2012-02-11 05:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 15:01 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 15:00 . 2012-07-04 21:14	41984	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 15:00 . 2012-07-04 21:14	102912	----a-w-	c:\windows\system32\browser.dll
2012-08-15 15:00 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:38 . 2012-07-07 15:26	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 10:38 . 2012-07-07 15:26	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-07 15:13 . 2012-07-07 15:13	257376	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\sxppdf6_p.dll
2012-07-07 07:24 . 2012-07-07 07:24	100224	----a-w-	c:\windows\system32\drivers\ewsercd.sys
2012-07-04 14:29 . 2012-07-04 14:29	65536	----a-r-	c:\users\Anwender\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-07-04 09:30 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-07-04 08:24 . 2012-07-04 08:24	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-07-04 08:24 . 2012-07-04 08:24	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-07-04 08:24 . 2012-07-04 08:24	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-07-04 08:24 . 2012-07-04 08:24	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-07-04 08:24 . 2012-07-04 08:24	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-07-04 08:24 . 2012-07-04 08:24	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-07-04 08:24 . 2012-07-04 08:24	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-07-04 08:24 . 2012-07-04 08:24	367104	----a-w-	c:\windows\system32\html.iec
2012-07-04 08:24 . 2012-07-04 08:24	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-07-04 08:24 . 2012-07-04 08:24	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-04 08:24 . 2012-07-04 08:24	161792	----a-w-	c:\windows\system32\msls31.dll
2012-07-04 08:24 . 2012-07-04 08:24	152064	----a-w-	c:\windows\system32\wextract.exe
2012-07-04 08:24 . 2012-07-04 08:24	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-07-04 08:24 . 2012-07-04 08:24	11776	----a-w-	c:\windows\system32\mshta.exe
2012-07-04 08:24 . 2012-07-04 08:24	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-07-04 08:24 . 2012-07-04 08:24	101888	----a-w-	c:\windows\system32\admparse.dll
2012-06-19 14:54 . 2012-07-23 20:28	3240400	----a-w-	c:\windows\system32\drivers\RTKVHDA.sys
2012-06-18 01:14 . 2012-07-04 08:22	6762896	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{60FF4548-1A1F-4F18-A56F-FBC726E7A54B}\mpengine.dll
2012-08-02 11:09 . 2012-07-07 07:47	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BDA33FF0-AD30-4335-9082-D5967EADB37D}"= "c:\program files\DATA BECKER\PDF Genie 5.0\iexp32.dll" [2012-07-07 510608]
.
[HKEY_CLASSES_ROOT\clsid\{bda33ff0-ad30-4335-9082-d5967eadb37d}]
[HKEY_CLASSES_ROOT\PDF6IE.IEBarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EB97E8E-33AC-4872-B9EC-B9F0B91DE35B}]
[HKEY_CLASSES_ROOT\PDF6IE.IEBarBand]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 144704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 180544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 188224]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logons]
2009-07-14 01:14	147456	----a-w-	c:\users\Anwender\AppData\Roaming\logons.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\system32\IntelCpHeciSvc.exe [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 asahci32;asahci32;c:\windows\system32\DRIVERS\asahci32.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [x]
S2 X6XSEx;X6XSEx;c:\program files\Free Ride Games\X6XSEx.Sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 10:38]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 11:05]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 11:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed
mStart Page = hxxp://www.google.com
mWindow Title = Arcor AG & Co. KG
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-06  23:03:02
ComboFix-quarantined-files.txt  2012-09-06 21:03
ComboFix2.txt  2012-09-06 15:54
.
Vor Suchlauf: 11 Verzeichnis(se), 213.193.719.808 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 212.906.954.752 Bytes frei
.
- - End Of File - - AA3C53E862C818ABA566555EC247D879
         

Alt 07.09.2012, 11:51   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Zitat:
Das ist aber jetzt ungerecht!!! Das ist doch gar nicht mein Rechner! Ich mache mir hier seit Tagen die Mühe, um einem Bekannten zu helfen...
Was ist daran ungerecht und was sollte das daran ändern, dass es nicht dein Rechner ist? Ist doch piepegal wessen Rechner, bevor man versucht was zu entschlüsseln macht man nunmal Sicherheitskopien Punkt aus fertig!

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.09.2012, 13:55   #23
Elektritze
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Lieber cosinus,

Das "ungerecht" bezog sich auf diesen Teil Deiner Antwort:
Zitat:
bevor du noch mehr kaputtmachst!
- ich bin mir nicht bewußt, irgendwas kaputt gemacht zu haben (im Gegenteil!)
- ich habe ja nur vorsichtig nachgefragt, ob ich mit dem Entschlüsseln schon anfangen kann
- ich habe das in keinster Weise böse gemeint, nur spassig (hast Du den ";-)" nicht gesehen?
- ich weiss Deine Hilfe durchaus zu würdigen und bin Dir auch sehr dankbar dafür!!!

Also, "Nix für Ungut"!

Hier nun die Logs:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-07 13:02:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45
Running: pdy6m005.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\pwlcruob.sys


---- System - GMER 1.0.15 ----

SSDT            913C7EC6                                                                                                                                   ZwCreateSection
SSDT            913C7ED0                                                                                                                                   ZwRequestWaitReplyPort
SSDT            913C7ECB                                                                                                                                   ZwSetContextThread
SSDT            913C7ED5                                                                                                                                   ZwSetSecurityObject
SSDT            913C7EDA                                                                                                                                   ZwSystemDebugControl
SSDT            913C7E67                                                                                                                                   ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                                   8307A989 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                     8309A4E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                                        830A187C 4 Bytes  [C6, 7E, 3C, 91]
.text           ntoskrnl.exe!KeRemoveQueueEx + 181B                                                                                                        830A1BD8 4 Bytes  [D0, 7E, 3C, 91] {SAR BYTE [ESI+0x3c], 0x1; XCHG ECX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                                        830A1C1C 4 Bytes  [CB, 7E, 3C, 91] {RETF ; JLE 0x3f; XCHG ECX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                                                                        830A1C98 4 Bytes  [D5, 7E, 3C, 91] {AAD 0x7e; CMP AL, 0x91}
.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                                                                                                        830A1CEC 4 Bytes  [DA, 7E, 3C, 91] {FIDIVR DWORD [ESI+0x3c]; XCHG ECX, EAX}
.text           ...                                                                                                                                        
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                                                   entry point in ".vmp2" section [0x98D8B69D]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[364] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7545FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[364] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7545FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[364] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7545FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[364] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7545FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                                     Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                                                             X6XSEx.Sys

Device                                                                                                                                                     fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice                                                                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:27:47 on 07.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job" - "Google Inc." - C:\Users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job" - "Google Inc." - C:\Users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"AsrAppCharger" (AsrAppCharger) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AsrAppCharger.sys
"AsrCDDrv" (AsrCDDrv) - ? - C:\Windows\system32\Drivers\AsrCDDrv.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Anwender\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"X6XSEx" (X6XSEx) - "Exent Technologies Ltd." - C:\Program Files\Free Ride Games\X6XSEx.Sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{10E72E6C-F89F-44AA-91AE-9FB5C88C6760} "ControlsExt Class" - "DATA BECKER" - C:\Program Files\DATA BECKER\PDF Genie 5.0\iexp32.dll
{59A3380E-5305-4cea-BD99-4F2FF510C91F} "FineReader9.FRContextMenu.1" - "ABBYY" - C:\Program Files\ABBYY FineReader 9.0\FRIntegration.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{8F652E6E-8313-419E-8D5A-E932C64A6767} "SX_PDF6_CONV WEThumbnail Class" - "DATA BECKER" - C:\Program Files\DATA BECKER\PDF Genie 5.0\weprvw32.dll
{18357DE3-1BFC-45E4-A215-73709054847A} "SX_PDF6_CONV.ShellExt" - "DATA BECKER" - C:\Program Files\DATA BECKER\PDF Genie 5.0\sx_shell32.dll
{C533AB49-9805-4972-8326-A084696B00F0} "Touch Mouse Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouchmouse.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{7834E880-F0CC-4FA7-B4F3-FDB0F4E816A5} "Touch Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouchstrip.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6A060448-60F9-11D5-A6CD-0002B31F7455} "ExentInf Class" - "Exent Technologies Ltd." - C:\Windows\Downloaded Program Files\ExentCtl.ocx / 
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{BDA33FF0-AD30-4335-9082-D5967EADB37D} "PDF Genie 5.0" - "DATA BECKER" - C:\Program Files\DATA BECKER\PDF Genie 5.0\iexp32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Exetender" - "Exent Technologies Ltd." - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ABBYY FineReader 9.0 PE Licensing Service" (ABBYY.Licensing.FineReader.Professional.9.0) - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"Intel(R) Capability Licensing Service Interface" (Intel(R) Capability Licensing Service Interface) - "Intel(R) Corporation" - C:\Program Files\Intel\iCLS Client\HeciServer.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"soft Xpansion Dispatch Service" (SXDS10) - "soft Xpansion" - C:\Program Files\Common Files\soft Xpansion\sxds10.exe
"WTGService" (WTGService) - ? - C:\Program Files\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 13:30:37
-----------------------------
13:30:37.264    OS Version: Windows 6.1.7601 Service Pack 1
13:30:37.264    Number of processors: 2 586 0x2A07
13:30:37.264    ComputerName: ***-PC  UserName: Anwender
13:30:38.699    Initialize success
13:31:27.745    AVAST engine defs: 12090700
13:32:00.084    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:32:00.084    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
13:32:00.100    Disk 0 MBR read successfully
13:32:00.100    Disk 0 MBR scan
13:32:00.115    Disk 0 Windows 7 default MBR code
13:32:00.115    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:32:00.131    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       238369 MB offset 206848
13:32:00.162    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       238468 MB offset 488386560
13:32:00.162    Disk 0 scanning sectors +976769024
13:32:00.240    Disk 0 scanning C:\Windows\system32\drivers
13:32:07.868    Service scanning
13:32:24.311    Modules scanning
13:32:30.286    Disk 0 trace - called modules:
13:32:30.816    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS asahci32.sys 
13:32:30.832    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a9c7c8]
13:32:30.832    3 CLASSPNP.SYS[8c65659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86018030]
13:32:32.298    AVAST engine scan C:\Windows
13:32:34.654    AVAST engine scan C:\Windows\system32
13:34:29.548    AVAST engine scan C:\Windows\system32\drivers
13:34:39.423    AVAST engine scan C:\Users\Anwender
13:35:52.493    File: C:\Users\Anwender\AppData\Roaming\logons.exe  **INFECTED** Win32:Trojan-gen
13:36:35.128    AVAST engine scan C:\ProgramData
13:37:02.069    Scan finished successfully
13:38:42.752    Disk 0 MBR has been saved successfully to "C:\Users\Anwender\Desktop\MBR.dat"
13:38:42.752    The log file has been saved successfully to "C:\Users\Anwender\Desktop\aswMBR.txt"
         

Alt 09.09.2012, 21:44   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.09.2012, 11:52   #25
Elektritze
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



So hier die beiden Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.10.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anwender :: ***-PC [Administrator]

Schutz: Aktiviert

10.09.2012 16:12:45
mbam-log-2012-09-10 (16-12-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 434810
Laufzeit: 1 Stunde(n), 42 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 09/11/2012 at 10:40 AM

Application Version : 5.5.1016

Core Rules Database Version : 9203
Trace Rules Database Version: 7015

Scan type       : Complete Scan
Total Scan Time : 01:55:17

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 675
Memory threats detected   : 0
Registry items scanned    : 35770
Registry threats detected : 0
File items scanned        : 222880
File threats detected     : 468

Adware.Tracking Cookie
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\CCLUNL4D.txt [ /track.adform.net ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\RSHM73EQ.txt [ /ad.zanox.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\GOG54BNY.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\RBKJV6VN.txt [ /apmebf.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\JDFK3EU5.txt [ /tribalfusion.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\YEYQP9Q3.txt [ /media.gan-online.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\MGP1NCJE.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\Q1QRP7O2.txt [ /adform.net ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\061XVB23.txt [ /adxpose.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\CZQ8ELUA.txt [ /zedo.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\YG2GDX4T.txt [ /vodafonegroup.122.2o7.net ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\YTA87HDN.txt [ /imrworldwide.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\E5HC2FNH.txt [ /ad.360yield.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\9N30HB1L.txt [ /mediaplex.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\5ZWOOAAK.txt [ /ad.yieldmanager.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\LRNAM9CY.txt [ /invitemedia.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\KFGTQIQZ.txt [ /casalemedia.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\CDBO95MQ.txt [ /zanox.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\JHIRNF8S.txt [ /ru4.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\IEA4B0HV.txt [ /atdmt.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\5PH22SPB.txt [ /lucidmedia.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\H6G04FPJ.txt [ /serving-sys.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\A9XODKUW.txt [ /bs.serving-sys.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\MDETS7WM.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\UWCI2OY3.txt [ /adbrite.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\V5C3QO0Q.txt [ /questionmarket.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\CANLJ91X.txt [ /ad.adition.net ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\T6UM2ZMA.txt [ /yieldmanager.net ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\ZI3CKGYV.txt [ /tradedoubler.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\WU43BBZA.txt [ /revsci.net ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\S510F0JG.txt [ /doubleclick.net ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\1Y6BU0V2.txt [ /fastclick.net ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\SVI43ZQM.txt [ /www.rambler.ru ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\9S6SO8W9.txt [ /adfarm1.adition.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\CQWGFPMP.txt [ /media6degrees.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\C0QS42T5.txt [ /smartadserver.com ]
	C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Cookies\P65RU2AE.txt [ /rambler.ru ]
	C:\USERS\ANWENDER\AppData\Roaming\Microsoft\Windows\Cookies\1SB26DE0.txt [ Cookie:anwender@clkads.com/adServe/banners ]
	C:\USERS\ANWENDER\AppData\Roaming\Microsoft\Windows\Cookies\NO4RARXE.txt [ Cookie:anwender@clkads.com/adServe ]
	C:\USERS\ANWENDER\AppData\Roaming\Microsoft\Windows\Cookies\Low\C15IP93K.txt [ Cookie:anwender@adform.net/ ]
	C:\USERS\ANWENDER\AppData\Roaming\Microsoft\Windows\Cookies\Low\4V0ZPIQY.txt [ Cookie:anwender@statse.webtrendslive.com/ ]
	C:\USERS\ANWENDER\AppData\Roaming\Microsoft\Windows\Cookies\Low\J6UKC720.txt [ Cookie:anwender@server.adform.net/ ]
	C:\USERS\ANWENDER\AppData\Roaming\Microsoft\Windows\Cookies\Low\0LVZVZLD.txt [ Cookie:anwender@revsci.net/ ]
	C:\USERS\ANWENDER\AppData\Roaming\Microsoft\Windows\Cookies\Low\TZ8INPA3.txt [ Cookie:anwender@doubleclick.net/ ]
	C:\USERS\ANWENDER\Cookies\RSHM73EQ.txt [ Cookie:anwender@ad.zanox.com/ ]
	C:\USERS\ANWENDER\Cookies\1SB26DE0.txt [ Cookie:anwender@clkads.com/adServe/banners ]
	C:\USERS\ANWENDER\Cookies\RBKJV6VN.txt [ Cookie:anwender@apmebf.com/ ]
	C:\USERS\ANWENDER\Cookies\JDFK3EU5.txt [ Cookie:anwender@tribalfusion.com/ ]
	C:\USERS\ANWENDER\Cookies\MGP1NCJE.txt [ Cookie:anwender@ad2.adfarm1.adition.com/ ]
	C:\USERS\ANWENDER\Cookies\Q1QRP7O2.txt [ Cookie:anwender@adform.net/ ]
	C:\USERS\ANWENDER\Cookies\CZQ8ELUA.txt [ Cookie:anwender@zedo.com/ ]
	C:\USERS\ANWENDER\Cookies\YG2GDX4T.txt [ Cookie:anwender@vodafonegroup.122.2o7.net/ ]
	C:\USERS\ANWENDER\Cookies\YTA87HDN.txt [ Cookie:anwender@imrworldwide.com/cgi-bin ]
	C:\USERS\ANWENDER\Cookies\NO4RARXE.txt [ Cookie:anwender@clkads.com/adServe ]
	C:\USERS\ANWENDER\Cookies\5ZWOOAAK.txt [ Cookie:anwender@ad.yieldmanager.com/ ]
	C:\USERS\ANWENDER\Cookies\LRNAM9CY.txt [ Cookie:anwender@invitemedia.com/ ]
	C:\USERS\ANWENDER\Cookies\JHIRNF8S.txt [ Cookie:anwender@ru4.com/ ]
	C:\USERS\ANWENDER\Cookies\IEA4B0HV.txt [ Cookie:anwender@atdmt.com/ ]
	C:\USERS\ANWENDER\Cookies\5PH22SPB.txt [ Cookie:anwender@lucidmedia.com/ ]
	C:\USERS\ANWENDER\Cookies\A9XODKUW.txt [ Cookie:anwender@bs.serving-sys.com/ ]
	C:\USERS\ANWENDER\Cookies\V5C3QO0Q.txt [ Cookie:anwender@questionmarket.com/ ]
	C:\USERS\ANWENDER\Cookies\CANLJ91X.txt [ Cookie:anwender@ad.adition.net/ ]
	C:\USERS\ANWENDER\Cookies\T6UM2ZMA.txt [ Cookie:anwender@yieldmanager.net/ ]
	C:\USERS\ANWENDER\Cookies\ZI3CKGYV.txt [ Cookie:anwender@tradedoubler.com/ ]
	C:\USERS\ANWENDER\Cookies\WU43BBZA.txt [ Cookie:anwender@revsci.net/ ]
	C:\USERS\ANWENDER\Cookies\S510F0JG.txt [ Cookie:anwender@doubleclick.net/ ]
	C:\USERS\ANWENDER\Cookies\1Y6BU0V2.txt [ Cookie:anwender@fastclick.net/ ]
	C:\USERS\ANWENDER\Cookies\SVI43ZQM.txt [ Cookie:anwender@www.rambler.ru/ ]
	C:\USERS\ANWENDER\Cookies\CQWGFPMP.txt [ Cookie:anwender@media6degrees.com/ ]
	C:\USERS\ANWENDER\Cookies\C0QS42T5.txt [ Cookie:anwender@smartadserver.com/ ]
	.doubleclick.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas4.emediate.eu [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad4.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.libri.112.2o7.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	media.gan-online.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	in.getclicky.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adx.chip.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracker.vinsight.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymedia.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymedia.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accounts.google.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accounts.google.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.guj.122.2o7.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bs.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.a.revenuemax.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.dealtime.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	statsadv.dadapro.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lego.112.2o7.net [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stat.dealtime.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	Ad-Track.de - Günstige Online Werbung direkt beim Erzeuger buchen [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\ANWENDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.avanquest.upclick.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.avanquest.upclick.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.upclick.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	leads.383media.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	leads.383media.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.c1.atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.countomat.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	Angebote, Service, Beratung und mehr im Onlineshop und in Ihrem Markt vor Ort - Media Markt [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	UseNeXT | In vollem DSL-Speed aus dem Usenet downloaden! [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.Online Counter gratis - Kostenloser Besucherzhler mit Statistik [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	clickundflieg.com - Last Minute Reisen, Pauschalreisen, Lastminute Urlaub & Flge gnstig buchen [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.clickundflieg.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.clickundflieg.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.clickundflieg.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.mm.chitika.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	server.adformdsp.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adformdsp.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	tomtailor.dyntracker.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	media.gan-online.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	targeting.revenuemax.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	Kostenloser Counter Besucherstatistik Besucherzhler Webstatistik [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.mmstat.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]

PotentiallyUnwanted.SoftonicDownloader
	G:\ALLE DATEIEN BIS 10. FEBRUAR 2012\EIGENE DATEIEN 03.APRIL 2012\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE
	G:\ALLE DATEIEN BIS 10. FEBRUAR 2012\EIGENE DATEIEN20. 2.2012 NICHT LöSCHEN\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE
	G:\EIGENE DATEIEN AB 20.06.2011\EIGENE DATEIEN17.3.2012\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE

Trojan.Agent/Gen-Multi
	C:\WINDOWS\SYSTEM32\AMCBUTTON.OCX
         

Geändert von Elektritze (11.09.2012 um 11:54 Uhr) Grund: Formatierung

Alt 11.09.2012, 17:21   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Sieht ok aus, da wurden nur Cookies gefunden. Außerdem Softonic-Müll und das mit AMCBUTTON sieht mir nach einem Fehlalarm aus. Alles löschen bis auf AMCBUTTON

Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.09.2012, 23:58   #27
Elektritze
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Scheint alles normal, außer das Avira immer noch diese logons.exe anmeckert:

Siehe Bild im Anhang!

Ich habe sie dann entfernen lassen, komischerweise steht aber immer noch die Verknüpfung im Systemstart...
Angehängte Grafiken
Dateityp: png Avira.PNG (18,4 KB, 93x aufgerufen)

Alt 12.09.2012, 01:17   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



hab ich die völlig übesehen

Einfachster Weg zuerst: Mit Avira in die Q verschieben. Neustart. Beobachten ob sie wieder auftaucht. Wenn ja, sind wir hier leider nicht so schnell fertig
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.09.2012, 14:21   #29
Elektritze
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Taucht nicht mehr als Virenwarnung auf, nur die Verknüpfung im Systemstart bleibt!
Ist ja deaktiviert und das Ziel ist ja nicht mehr vorhanden...

Kann man die auch noch irgendwie weg kriegen?

Alt 12.09.2012, 15:48   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Standard

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" in der ersten Zeile muss mitkopiert werden!!!)

Code:
ATTFilter
:Files
C:\Users\Anwender\AppData\Roaming\*.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Gesperrtes System_Trojaner Bundespolizei_Win7 32bit
antivir, avira, becker, bho, bildschirm, bundespolizei, desktop, driver genius, entfernen, error, excel, firefox, flash player, home, install.exe, installation, locker, mozilla, msiexec.exe, msiinstaller, nicht installiert, nicht sicher, ntdll.dll, object, office 2007, problem, programm, realtek, registry, scan, security, senden, software, system, system gesperrt, trojan.inject, trojaner, usb 3.0, windows



Ähnliche Themen: Gesperrtes System_Trojaner Bundespolizei_Win7 32bit


  1. Netzwerkvirus-Langsamer-PC-unautorisiertes Netzwerkgerät-gesperrtes eigenes Lokales Konto
    Log-Analyse und Auswertung - 14.02.2015 (15)
  2. GVU-Trojaner - Windows XP 32Bit
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (39)
  3. GVU Trojaner, Vista 32bit
    Log-Analyse und Auswertung - 13.06.2013 (33)
  4. BKA-Trojaner auf Vista-32bit PC mit XP als 2. BS
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (23)
  5. GVU Trojaner Windows XP 32bit
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (15)
  6. GVU Trojaner WinVista 32bit
    Log-Analyse und Auswertung - 22.01.2013 (3)
  7. GVU 2.11 Trojaner Win Vista 32bit
    Log-Analyse und Auswertung - 17.01.2013 (5)
  8. GVU Trojaner 100€_Win7 32Bit
    Log-Analyse und Auswertung - 28.12.2012 (6)
  9. Trojaner GVU vista 32bit
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (8)
  10. [Win7]32Bit Bka-Trojaner 1.13
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (2)
  11. Win7 32bit GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (3)
  12. GVU Trojaner 2.07 Windows 7 32bit
    Log-Analyse und Auswertung - 26.09.2012 (9)
  13. GVU Trojaner auf Win7 32bit
    Log-Analyse und Auswertung - 11.09.2012 (7)
  14. GVU Trojaner Windows7 32bit
    Log-Analyse und Auswertung - 14.08.2012 (11)
  15. Gesperrtes Windows und Zahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (23)
  16. AKM Trojaner und OTLPENet.exe win xp 32bit
    Log-Analyse und Auswertung - 29.05.2012 (1)
  17. Gesperrtes Windows, Zahle 50 € zum entsperren
    Log-Analyse und Auswertung - 07.02.2012 (4)

Zum Thema Gesperrtes System_Trojaner Bundespolizei_Win7 32bit - Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis : Bitte den Virenscanner abstellen bevor du den - Gesperrtes System_Trojaner Bundespolizei_Win7 32bit...
Archiv
Du betrachtest: Gesperrtes System_Trojaner Bundespolizei_Win7 32bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.